Commit b6b1666

author
Till Brehm
committed
Fixed #4898 Reflected XSS issue in DNS module
1 parent e724179 commit b6b1666

1 file changed

+4
-4
lines changed

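--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -245,7 +245,7 @@ protected function _decode($record, $tab = '', $api = false) {
 */
 function decode($record, $tab) {
 global $conf, $app;
-if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab).");
+if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: ".$app->functions->htmlentities($tab).").");
 return $this->_decode($record, $tab, false);
 }
 
@@ -416,7 +416,7 @@ function getHTML($record, $tab, $action = 'NEW') {
 $this->action = $action;
 
 if(!is_array($this->formDef)) $app->error("No form definition found.");
-if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
+if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).").");
 
 /* CSRF PROTECTION */
 // generate csrf protection id and key
@@ -868,7 +868,7 @@ protected function _encode($record, $tab, $dbencode = true, $api = false) {
 function encode($record, $tab, $dbencode = true) {
 global $app;
 
-if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab).");
+if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).").");
 return $this->_encode($record, $tab, $dbencode, false);
 }
 
@@ -1437,7 +1437,7 @@ function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_whe
 }
 
 if(!is_array($this->formDef)) $app->error("Form definition not found.");
-if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab).");
+if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: ".$app->functions->htmlentities($tab).").");
 
 return $this->_getSQL($record, $tab, $action, $primary_id, $sql_ext_where, false);
 }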
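Review bot: The encoding is applied at the four call sites in decode(), getHTML(), encode() and getSQL() rather than in `$app->error()`, which is presumably where the message is written into the page; that sink is not visible in this diff, so any other caller that interpolates a request-derived value into its message would still need the same treatment. Since the four guards are near-identical, a single private helper that performs the `is_array($this->formDef['tabs'][$tab])` check and builds the escaped message would keep the encoding in one place. It is also worth confirming that `$app->functions->htmlentities()` tolerates a non-string `$tab`, because the value is used as an array key before any type check. A short comment on the guard, such as `// $tab may come from the request: encode before it reaches the HTML error page`, would record why the call is there. All four function bodies continue outside the hunks shown.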
